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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.1 14, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 10 
March 2008 has been entered. 

Response to Amendment 

Applicant's amendment to the claims filed 17 January 2008 has been entered. 
Claims 1, 4-7, 9, 1 1-16, 18, and 20-22 are pending. Claims 1, 14-15, and 21 are currently 
amended. Claims 2-3, 8, 10, 17, 19, and 23-45 are cancelled. 

Claim Objections 

As per claim 1, the phrase "the content object including " is incorrect. It appears 
that it should be "the content object includes ." Further, the phrase "the object content" is 
incorrect. It appears that it should be "the content object." 

As per claims 5-7, 11-13, 16, 18 and 22, "previously amended" is an improper 
status identifier. The proper status identifier is "previously presented." See 37 C.F.R. 
1.121(c). 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1, 4-7, 9 and 1 1-14 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bohrer et al., U.S. 2003/0088520 (Bohrer), in view of Kohane et al., 
U.S. 2004/0199765 (Kohane). 

1 . Bohrer teaches "A method for managing privacy preferences or access to 
restricted information, comprising," see [0001], "methods, systems and business methods 
to enforce privacy preferences on exchanges of personal data across a network." 

Bohrer teaches "tagging restricted or personal information in a content object to 
distinguish the restricted or personal information from an unrestricted portion of the 
object content," see Fig. 2 and [0045], "The Authorization Dataset in a rule contains the 
data items that can be released according to the rule. Each authorization data set can be 
either a View Level 205 . . . Moreover, a data subject can categorize his/her personal data 
into multiple View Levels (layers) so that the data in each View Level have the same 
privacy preference, access and authorization constraints, whereas data in different View 
Levels have different constraints" where the claimed "content object" is the referenced 
"authorization rule 201" and the claimed "tagging restricted or personal information" is 
the referenced user categorization of personal data into "View Levels." 

Bohrer teaches "and distributing the content object based on the privacy 
preferences or other restriction preferences," see Fig. 4b and [0081], "A data response 
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is. . . the subset of specific data items which were requested and authorized, along with 
associated privacy declarations representing the data subject's privacy preferences." 

Bohrer does not teach "defining the content object to include the unrestricted 
portion of the object content in a mark-up language and a link to the restricted or personal 
information, wherein the content object comprises one of a white paper, a case study, a 
press release, and an article by an author, wherein the unrestricted portion of the content 
object including a title, an abstract, and a description, and wherein the restricted 
information comprises personal identification information of the information." Kohane 
does, however, see [0103], "For example, the record owner can place personal 
identification information within one record object, and the medical information within 
another record object. Then the record owner can give agents falling within the 'other' 
role a privilege to read the record object having the medical information, but grant no 
privileges to the record object with the personal identification information" and [0038], 
"In one embodiment, the complete record is represented using an XML directory tree," 
where the claimed "content object" is the referenced "record," the claimed "unrestricted 
portion" is the referenced "privilege to read" and the claimed "restricted information" is 
the referenced "no privileges to the record object." While Kohane does not explicitly 
teach that the record "comprises one of a white paper, a case study, a press release, and 
an article," it would be obvious for the record to contain at least a white paper since they 
are generally confidential, see [0037], "In other embodiments, the record can include 
other types of personal or confidential information, such as financial data, legal data, 
etc." Thus, it would have been obvious to one of ordinary skill in the database art at the 
time of the invention to combine the teachings of the cited references because Kohane 's 
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teachings would have allowed Bohrer's method to give a third party access to the record 
without revealing the identity of the author, see [0102]. 

Bohrer does not explicitly teach "parsing the content object to provide access to 
the privacy preferences or other restriction preferences in response to the content object 
being collected to satisfy a request." Kohane does, however, see [0103], "Consequently, 
when the research institution accesses the record of the record owner, the gateway server 
system 22 parses through the associated directory file and skips over those record objects 
for which the research institution is unauthorized" and [0083], "The gateway server 
system 22 parses (step 104) through the directory file to determine those record objects 
that the accessing agent can manipulate according to the specified record operation." 
Thus, it would have been obvious to one of ordinary skill in the database art at the time of 
the invention to combine the teachings of the cited references because Kohane 's 
teachings would have allowed Bohrer's method to give a third party access to the record 
without revealing the identity of the author, see [0102]. 

4. Bohrer teaches "The method of claim 1, further comprising: storing the content 
object," see [0017], "it allows a data subject to express complex policies on a large set of 
personal data in a way that is applicable regardless of the specific representation and data 
model used by enterprises that store that data." 

Bohrer teaches "and providing access to the content object," see [0017], "it allows 
a data subject to specify complex privacy preferences that include who can access the 
data." 

5. Bohrer teaches "The method of claim 1, further comprising: storing the 
restricted or personal information in a different location from the content object," see Fig. 
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1 and [0033], "To facilitate the requests from a Data Subject to setup data profiles and 
privacy policies. . . The profiles are stored in a Profile Database 123 while the policies are 
stored in a Policy Database 124." 

Bohrer teaches "and providing access to the restricted or personal information via 
the link, wherein the link comprises a secure connection," see Fig. 1 and [0032], 
"Similarly, a Data Requester 105 can use a web browser 106 or some other computer 
programs 107 to send requests for data 109 as well as receive replies 1 10 to that request 
along with any returned data." 

6. Bohrer teaches "The method of claim 1, further comprising: receiving the 
request for information," see [0032], "a Data Requester 105 can use a web browser 106 
or some other computer programs 107 to send requests for data." 

Bohrer teaches "interrogating content sources," see [0035], "The Profile 
Responder 116 receives requests for profile information. . . and uses the Policy 
authorization engine to check the authorization and privacy policies." 

Bohrer teaches "and collecting any content objects responsive to the request from 
the content sources," see [0016], "The data is released only if the privacy declaration of 
the requester matches the constraints imposed by the data subject via its privacy 
preferences." 

7. Bohrer teaches "The method of claim 6, wherein collecting any content objects 
responsive to the request comprises using a collection function," see Fig. 5 and [0082], 
"When the entire request list has been processed, the data to be returned is gathered 516, 
the response structure is constructed and returned to the requester by the Profile 
Responder 517." 
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9. Bohrer teaches "The method of claim 6, further comprising distributing any 
content object responsive to the request to a privacy function," see [0030], "This 
embodiment supports the enforcement of privacy preferences in data exchanges 
according to authorization checks based on the privacy preferences specified by a data 
subject with the privacy policies of a data requester" where the referenced "authorization 
checks" are the claimed "privacy functions." 

11. Bohrer teaches "The method of claim 1, further comprising locating or 
accessing privacy preferences or other restriction preferences using another link," see 
Fig. 1 and [0032], "Similarly, a Data Requester 105 can use a web browser 106 or some 
other computer programs 107 to send requests for data 109 as well as receive replies 110 
to that request along with any returned data." 

12. Bohrer teaches "The method of claim of claim 9, further comprising 
comparing the privacy preferences or other restriction preferences of the author or owner 
of the content object to a content provider's policies," see [0003], "In some cases the web 
site's privacy policy is compared to the consumer's policy preferences and warnings are 
issued when there is a mismatch." 

13. Bohrer teaches "The method of claim 12, further comprising distributing the 
content object to a requester without any modification to the content object in response to 
the privacy preferences or other restriction preferences of the author or owner of the 
content object being consistent with the content provider's policies," see [0017], "an 
independent third party acting as a data-subject's personal data service and providing 
various services including. . . matching privacy policies, gathering data from third parties 
and releasing and/or authorizing release of data to data requesters." 
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14. Bohrer teaches "The method of claim 12, further comprising: deleting or 
replacing the restricted or personal information with default or generic information in 
response to the privacy preferences or other restriction preferences of the author or owner 
of the content object being inconsistent with the content provider's policies," see [0081], 
"A data response is either a denial, if the request cannot be fulfilled, or the subset of 
specific data items which were requested and authorized" and Fig. 5 where, see [0082], 
"If the result is deny, then the data item is not included in the list of data items to be 
returned in the response 511" where the claimed "deleting" is the referenced data "not 
included" in the response. 

Bohrer teaches "repackaging the content object in response to deleting or 
replacing the restricted or personal information," see Fig. 5 and [0082], "When the entire 
request list has been processed, the data to be returned is gathered 516." 

Bohrer teaches "and distributing the repacked content object to a requester 
without the restricted or personal information which has been deleted ore replaced by the 
default or generic information," see Fig. 5 and [0082], "the response structure is 
constructed and returned to the requester by the Profile Responder 517." 

Claims 15-16, 18, and 20-22 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bohrer et al., U.S. 2003/0088520 (Bohrer), in view of Fahlman et al, 
U.S. 5,960,080 (Fahlman). 

15. Bohrer teaches "A method for managing privacy or access to restricted 
information, comprising," see [0001], "methods, systems and business methods to 
enforce privacy preferences on exchanges of personal data across a network." 
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Bohrer teaches "collecting a content object responsive to a request," see Fig. 5 
and [0082], "If authentication succeeds, then the data request is passed to the Policy 
Authorization Engine which retrieves all Authorization Rules of the data subject 
specified in the request 503." 

Bohrer teaches "accessing privacy preferences or other restriction preferences of 
an author or owner of the content object," see Fig. 5 and [0082], "the Policy 
Authorization Engine next compares the privacy declarations in the request with the 
Privacy Preference Rules in the authorization rules for each profile data item name in the 
request item 506." 

Bohrer teaches "comparing the privacy preferences or other restriction 
preferences of the author or owner of the content object to the content provider's 
policies," see Fig. 5 and [0082], "For each data item name in the query and in the request 
item list, the Policy Authorization Engine retrieves any privacy preferences from the 
authorization rules. It then performs the Policy-Preference matching process (see FIG. 6) 
for each data item" and [0005], "the products listed here focus on allowing a complex 
privacy policy to be represented and checked against either a web site's privacy policy or 
a data requester's privacy policy" where the claimed "content provider" is the referenced 
"web site's privacy policy or a data requester's privacy policy." 

Bohrer teaches "repackaging the content object in response to replacing the 
private or restricted information," see Fig. 5 and [0082], "When the entire request list has 
been processed, the data to be returned is gathered 516." 
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Bohrer teaches "and distributing the repackaged content object to a requester 
without the private or restricted information," see Fig. 5 and [0082], "the response 
structure is constructed and returned to the requester by the Profile Responder 517." 

Bohrer teaches "[deleting] private or restricted information. . . in response to the 
privacy preferences or other restriction preferences being inconsistent with the content 
provider's policies, wherein the content provider collects the content object and has 
access to the private or restricted information," see Figs. 4-5, 7, [0081], "A data response 
is either a denial, if the request cannot be fulfilled, or the subset of specific data items 
which were requested and authorized," [0082], "If the result is deny, then the data item is 
not included in the list of data items to be returned in the response 511" and [0088], 
"FIG. 7 is a flow diagram of a routine that enables a gather and filtering process carried 
out to collect data to be returned to a data requester," where the claimed "deleting" is the 
referenced data "not included" in the response. 

Bohrer does not teach "replacing private or restricted information with default or 
generic information." Fahlman does, however, see Fig. 1 and col. 3, lines 48-53, "In step 
105, the identified sensitive terms are replaced with standard tokens. For example, the 
sensitive term 'Mr. Johnson' is replaced by the standard token <person-l>, and the term 
'Jul. 1, 1997' is replaced by <date-l>." Thus, it would have been obvious to one of 
ordinary skill in the database art at the time of the invention to combine the teachings of 
the cited references because Fahlman's teachings would have allowed Bohrer's method 
to grant access to an untrusted source without compromising confidentiality, see col. 1, 
line 66 - col. 2, line 3. 
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16. Bohrer teaches "The method of claim 15, further comprising distributing the 
content object as originally constituted in response to the privacy preferences or other 
restriction preferences being consistent with the content provider's policies," see [0033], 
"To facilitate the requests. . . for data from Data Requesters, the system must provide 
several different functionalities, including the ability to. . . authorize release of data based 
on authorization rules and privacy policy matching and release data." 

18. Bohrer teaches "The method of claim 15, further comprising using a 
collection function to collect the content object responsive to the request," see Fig. 5 and 
[0082], "When the entire request list has been processed, the data to be returned is 
gathered 516, the response structure is constructed and returned to the requester by the 
Profile Responder 517." 

20. Bohrer teaches "The method of claim 15, further comprising distributing any 
content object in response to the request to a privacy function," see [0030], "This 
embodiment supports the enforcement of privacy preferences in data exchanges 
according to authorization checks based on the privacy preferences specified by a data 
subject with the privacy policies of a data requester' where the 'authorization checks' are 
considered 'privacy functions." 

21. Bohrer teaches "The method of claim 20, further comprising parsing the 
content object to provide access to privacy preferences or other restriction preferences," 
see [0044], "In other words, an Authorization Rule declares that for a specified 
Authorization Dataset, the specified Privacy Preference Rule is applied for the specified 
Access List to determine an Authorization Action" and [0046], "The Access List in a rule 
declares who can access the specified data set upon Privacy Preference matching" where 
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in order to apply the referenced "Privacy Preference Rule" to the 'Access List," the 
"Privacy Preference Rule" must be "parsed." 

22. Bohrer teaches "The method of claim 21, further comprising locating or 
accessing the privacy preferences or restriction preferences using a link," see Fig. 1 
where, see [0032], "Similarly, a Data Requester 105 can use a web browser 106 or some 
other computer programs 107 to send requests for data 109 as well as receive replies 110 
to that request along with any returned data." 

Response to Arguments 

As per Applicant's argument that Bohrer docs not teach "defining the content 
object to include the unrestricted portion of the object content in a mark-up language and 
a link to the restricted or personal information, wherein the content object comprises one 
of a white paper, a case study, a press release, and an article by an author, wherein the 
unrestricted portion of the content object including a title, an abstract, and a description, 
and wherein the restricted information comprises personal identification information of 
the information," the Examiner agrees. Kohane does, however, see [0103], "For 
example, the record owner can place personal identification information within one 
record object, and the medical information within another record object. Then the record 
owner can give agents falling within the 'other' role a privilege to read the record object 
having the medical information, but grant no privileges to the record object with the 
personal identification information" and [0038], "In one embodiment, the complete 
record is represented using an XML directory tree," where the claimed "content object" is 
the referenced "record," the claimed "unrestricted portion" is the referenced "privilege to 
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read" and the claimed "restricted information" is the referenced "no privileges to the 
record object." 

While Kohane does not explicitly teach that the record "comprises one of a white 
paper, a case study, a press release, and an article," it would be obvious for the record to 
contain at least a white paper since they are generally confidential, see [0037], "In other 
embodiments, the record can include other types of personal or confidential information, 
such as financial data, legal data, etc." Thus, it would have been obvious to one of 
ordinary skill in the database art at the time of the invention to combine the teachings of 
the cited references because Kohane 's teachings would have allowed Bohrer's method to 
give a third party access to the record without revealing the identity of the author, see 
[0102]. 

As per Applicant's argument that Bohrer does not "parsing the content object to 
provide access to the privacy preferences or other restriction preferences in response to 
the content object being collected to satisfy a request," the Examiner does not agree, but 
has withdrawn the rejection. Instead, Kohane teaches the limitation, see [0103], 
"Consequently, when the research institution accesses the record of the record owner, the 
gateway server system 22 parses through the associated directory file and skips over 
those record objects for which the research institution is unauthorized" and [0083], "The 
gateway server system 22 parses (step 104) through the directory file to determine those 
record objects that the accessing agent can manipulate according to the specified record 
operation." Thus, it would have been obvious to one of ordinary skill in the database art 
at the time of the invention to combine the teachings of the cited references because 
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Kohane's teachings would have allowed Bohrer's method to give a third party access to 
the record without revealing the identity of the author, see [0102]. 

As per Applicant's argument that Bohrer does not teach "replacing private or 
restricted information with default or generic information in response to the privacy 
preferences or other restriction preferences being inconsistent with the content provider's 
policies, wherein the content provider collects the content object and has access to the 
private or restricted information," the Examiner agrees in part. Bohrer teaches 
"[deleting] private or restricted information. . . in response to the privacy preferences or 
other restriction preferences being inconsistent with the content provider's policies, 
wherein the content provider collects the content object and has access to the private or 
restricted information," see Figs. 4-5, 7, [0081], "A data response is either a denial, if the 
request cannot be fulfilled, or the subset of specific data items which were requested and 
authorized," [0082], "If the result is deny, then the data item is not included in the list of 
data items to be returned in the response 511" and [0088], "FIG. 7 is a flow diagram of a 
routine that enables a gather and filtering process carried out to collect data to be returned 
to a data requester," where the claimed "deleting" is the referenced data "not included" in 
the response. 

Bohrer does not teach "replacing private or restricted information with default or 
generic information." Fahlman does, however, see Fig. 1 and col. 3, lines 48-53, "In step 
105, the identified sensitive terms are replaced with standard tokens. For example, the 
sensitive term 'Mr. Johnson' is replaced by the standard token <person-l>, and the term 
'Jul. 1, 1997' is replaced by <date-l>." Thus, it would have been obvious to one of 
ordinary skill in the database art at the time of the invention to combine the teachings of 
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the cited references because Fahlman's teachings would have allowed Bohrer's method 
to grant access to an untrusted source without compromising confidentiality, see col. 1, 
line 66 - col. 2, line 3. 
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Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
Applicant's disclosure: U.S. 2002/0091741 and U.S. 2003/0145017. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aaron Sanders whose telephone number is 571-270-1016. 
The examiner can normally be reached on M-F 9:00a-4:00p. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Tim Vo can be reached on 571-272-3642. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Tim T. Vo/ 

Supervisory Patent Examiner, Art Unit 
2168 

/Aaron Sanders/ 
Examiner, Art Unit 2168 
13 May 2008 



Application/Control Number: 1 0/709,75 1 Page 1 8 

Art Unit: 2168 

/S. P./ 

Primary Examiner, Art Unit 2164 



